Zero Trust Data

A new approach to privacy, data sharing, and governance in a data-driven world.

By now, we’re all aware of the competitive value of our data. You swim in a sea of it; you collect a mountain of it, with volume, variety, and velocity. What are your responsibilities with respect to this data? Why should anyone trust you with it? How can you share it and still meet your governance mandates? If you are pursuing a big data strategy, you need a framework for privacy, security, data sharing, and governance that people are willing to trust. Informed by the 7 Foundational Principles of Privacy by Design, PHEMI has implemented this framework as Zero Trust Data, a new approach to privacy, data sharing, and governance.

PHEMI’s Zero Trust Data framework involves several key innovations:

Metadata framework: a strategy for describing data.The metadata needs to be extensible, and modifiable as policies evolve.

Access control based on user attributes: Attributes are a way to describe users (people and applications).PHEMI’s access control strategy takes into account both and user attributes and data characteristics.

Policy-based control: In PHEMI’s Zero Trust Data implementation, metadata and user attributes are brought together into simple but powerful rules about who can see and do what with the data.Policy-based enforcement means that access control is implemented automatically and uniformly.

In-situ processing:PHEMI’s Data Processing Function framework provides the ability to securely process data so it can be presented as different views to different users based on their authorizations, without a person having to intervene.

In PHEMI’s Zero Trust Data strategy, users are decoupled from data. Decoupling data description from user description allows data to remain stable—data should never change—while personnel, roles, departments, authorizations, and even organizations can freely change without disrupting the implementation. Extensible metadata future-proofs the implementation. This makes change, even pervasive and frequent change, much easier to manage.

PHEMI Central takes a Zero Trust Data approach to ensure only the right data is provided to the right user at the right time.